CVE-2023-28771

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Zyxel Corporation
Severity: CRITICAL
CVE ID: CVE-2023-28771
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

benjaminhays

PoC for CVE-2023-28771 based on Rapid7's excellent writeup

Refrence: GitHub

Content on GitHub

getdrive | watchers:56

PoC
PoC. Severity critical.

Refrence: GitHub

Description​

Proof Of Concept​

Content on GitHub​

Description

Proof Of Concept

Content on GitHub